Is it smart to always redirect to https?
Question
I am working on a project where the user will transfer his username to activate the internet. I want to always redirect the user to the https version and make the http version redirect to the https aswell, so there is only an http version. Is this a smart move? Could there be problems with mobile devices (WiFi enabled devices)
Thomas
Solution
I don't think that there are many devices which don't support ssl. There are some stupidly configured proxies, though.
Most site aren't "complete ssl" because of server load, ssl can bring a server to its knees really fast.
OTHER TIPS
If you're transmitting secure data, then it's definitely smart to to redirect to HTTPS. As a hacker, you'd immediately look for the easiest opening in a site. In this case, it would be attacking any devices that are excepted from the SSL rule.